CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing operations—from blocking phishing attempts to teaching individuals how to report successful phishing operations.

Phishing is a form of social engineering in which a cyber threat actor poses as a trustworthy colleague, acquaintance, or organization to lure a victim into providing sensitive information or network access. The lures can come in the form of an email, text message, or even a phone call. If successful, this technique could enable threat actors to gain initial access to a network and affect the targeted organization and related third parties. The result can be a data breach, data or service loss, identity fraud, malware infection, or ransomware.

Phishing susceptibility is the likelihood of an individual becoming a victim of a phishing attempt. High susceptibility increases the likelihood that cyber threat actors can exploit their target.
Don’t be a victim! You can prevent phishing success and limit its negative impacts, should initial access occur. Here’s how this adversarial technique works:

1. SELECT THE BAIT
2. SET THE HOOK
3. REEL IN THE CATCH OF THE DAY
4. ACTIONS TO HELP PREVENT BEING HOOKED IN A PHISHING ATTACK


Analysis and findings presented in this infographic are derived from phishing-related data collected during CISA Assessments. CISA conducts cybersecurity assessments for federal and critical infrastructure partners to reduce their vulnerability exposure and risk of compromise. To learn more about CISA services, contact [email protected]. For additional information on steps to reduce your phishing susceptibility and cybersecurity risk, see CISA’s Cross-Sector Cybersecurity Performance Goals (CPG).


1. BLOCK THE BAIT
2. DON’T TAKE THE BAIT
3. REPORT THE HOOK
4. PROTECT THE WATERS


Source:
https://www.cisa.gov/phishing-infographic